Update 2.0

Acquisition for new log source added:
- Added Azure Directory Activity logs.

Output Structure Improvements:
Restructured the output to write results to specific folders instead of multiple outputs in Userinfo. For instance, the MFA functionality now generates a new folder named MFA for its output.

Performance improvements inspired by Calvindd2f:
- Replaced | Out-Null with > $null across multiple instances in the script for improved performance.
- Redesigned the log-writing mechanism for increased speed.
- Set default parameters in CmdletBindings across all scripts.
- Created a function for combining logs outside of the function utilizing this.

Authentication Type Detection:
- Implemented functionality to automatically detect whether the user is logged in via Graph with delegated or application permissions. This prevents unnecessary errors by ensuring that the script connects with the appropriate scopes based on the authentication type.
- Removed the need for the Application parameter. The script now automatically determines the authentication type in the background.

Optimized Graph API Requests:
Updated certain functionalities to use Invoke-MgGraphRequest instead of the Graph PowerShell Module cmdlets for improved performance and reliability.
- The Get-MFA script now utilizes Invoke-MgGraphRequest to ensure all output is captured, including nested objects that were previously missed.
- Get-Email, Get-Attachment, Show-Email are now using Invoke-MgGraphRequests for better performence and reliability.
- Get-UALGraph has been reworked and is now using Invoke-MgGraphrequest for better performence.
- Get-RiskyUsers & Get-RiskyDetections are both using Invoke-MgGraphrequest now.

Get-ADSignInLogsGraph and Get-ADAuditLogsGraph:
Inspired by code snippets from Calvindd2f, both functionalities have been reworked to use Invoke-MgGraphRequest. This change simplifies paging,
eliminates the need for guessing the correct intervals, and allows for more efficient log retrieval. As a result, the script is now easier to use, faster, and should mitigate memory issues.

Get-ActivityLogs
This functionality now uses Invoke-RestMethod instead of the AzureAZ PowerShell Module cmdlets for improved performance and reliability.
This change simplifies paging, eliminates the need to guess correct intervals, and enables more efficient log retrieval.

Read The Docs:
Updated Read The Docs so it's up to date with the latest changes.

areYouConnected:
The $areYouConnected function, which checks if the script can run the necessary actions and provides an error if it cannot, has been improved.
It now displays the actual error message when the script fails, rather than a custom error message.
Additionally, it no longer checks the module before running the main code (for most functions), making the script faster by avoiding unnecessary module checks.

Scripts/Get-AdminAuditLog.ps1

@@ -68,7 +68,7 @@ function Get-AdminAuditLog {
 		$results | Export-Csv $outputDirectory -NoTypeInformation -Append -Encoding UTF8
 	}
 	catch {
-		write-logFile -Message "[WARNING] You must call Connect-M365 before running this script" -Color "Red"
+		write-logFile -Message "[INFO] Ensure you are connected to M365 by running the Connect-M365 command before executing this script" -Color "Yellow"
 		Write-logFile -Message "[ERROR] An error occurred: $($_.Exception.Message)" -Color "Red"
 		break
 	}   

Scripts/Get-AzureADGraphLogs.ps1

@@ -102,7 +102,7 @@ function Get-ADSignInLogsGraph {
         } While ($apiUrl)
     }
     catch {
-        Write-LogFile -Message "[INFO] Make sure you are connected to Connect-MgGraph before running this script" -Color "Red"
+		write-logFile -Message "[INFO] Ensure you are connected to Microsoft Graph by running the Connect-MgGraph command before executing this script" -Color "Yellow"
         Write-logFile -Message "[ERROR] An error occurred: $($_.Exception.Message)" -Color "Red"
     }
 	Write-LogFile -Message "[INFO] Acquisition complete, check the $($OutputDir) directory for your files.." -Color "Green"		
@@ -212,7 +212,7 @@ function Get-ADAuditLogsGraph {
 		} While ($apiUrl)
 	}
 	catch {
-		Write-LogFile -Message "[INFO] Make sure you are connected to Connect-MgGraph before running this script" -Color "Red"
+		write-logFile -Message "[INFO] Ensure you are connected to Microsoft Graph by running the Connect-MgGraph command before executing this script" -Color "Yellow"
 		Write-logFile -Message "[ERROR] An error occurred: $($_.Exception.Message)" -Color "Red"
     }	
 	Write-LogFile -Message "[INFO] Acquisition complete, check the $($OutputDir) directory for your files.." -Color "Green"		

Scripts/Get-AzureADLogs.ps1

@@ -114,7 +114,7 @@ function Get-ADSignInLogs {
 					Write-LogFile -Message "[WARNING] Failed to acquire logs. Retrying... Attempt $retryCount of $maxRetries" -Color "Yellow"
 				} else {
 					Write-LogFile -Message "[ERROR] Failed to acquire logs after $maxRetries attempts. Moving on." -Color "Red"
-					Write-logFile -Message "[INFO] You must call Connect-Azure or install AzureADPreview before running this script" -Color "Red"
+					write-logFile -Message "[INFO] Ensure you are connected to Azure by running the Connect-Azure command or install AzureADPreview before executing this script" -Color "Yellow"
 					Write-logFile -Message "[ERROR] An error occurred: $($_.Exception.Message)" -Color "Red"
 				}
 			}
@@ -273,7 +273,7 @@ function Get-ADAuditLogs {
 					Write-LogFile -Message "[WARNING] Failed to acquire logs. Retrying... Attempt $retryCount of $maxRetries" -Color "Yellow"
 				} else {
 					Write-LogFile -Message "[ERROR] Failed to acquire logs after $maxRetries attempts. Moving on." -Color "Red"
-					Write-logFile -Message "[WARNING] You must call Connect-Azure or install AzureADPreview before running this script" -Color "Red"
+					write-logFile -Message "[INFO] Ensure you are connected to Azure by running the Connect-Azure command or install AzureADPreview before executing this script" -Color "Yellow"
 					Write-logFile -Message "[ERROR] An error occurred: $($_.Exception.Message)" -Color "Red"
 				}
 			}

Scripts/Get-AzureActivityLogs.ps1

@@ -74,7 +74,6 @@ function Get-ActivityLogs {
 	$azureRmProfile = [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRmProfileProvider]::Instance.Profile
 	$profileClient = [Microsoft.Azure.Commands.ResourceManager.Common.RMProfileClient]::new($azureRmProfile)
 	$token = $profileClient.AcquireAccessToken($currentContext.Tenant.Id)
-	#$token
 
 	if ($SubscriptionID -eq "") {
 		write-logFile -Message "[INFO] Retrieving all subscriptions linked to the logged-in user account" -Color "Green"
@@ -90,7 +89,7 @@ function Get-ActivityLogs {
 			$subScription = $subscriptionsResponse.value
 		}
 		catch {
-			write-logFile -Message "[INFO] You must call Connect-AzureAZ before running this script" -Color "Red"
+			write-logFile -Message "[INFO] Ensure you are connected to Azure by running the Connect-Az command before executing this script" -Color "Yellow"
 			Write-logFile -Message "[ERROR] An error occurred: $($_.Exception.Message)" -Color "Red"
 			break
 		}
@@ -105,7 +104,7 @@ function Get-ActivityLogs {
 			$subScription = Get-AzSubscription -SubscriptionId $SubscriptionID
 		}
 		catch {
-			write-logFile -Message "[INFO] You must call Connect-AzureAZ before running this script" -Color "Red"
+			write-logFile -Message "[INFO] Ensure you are connected to Azure by running the Connect-Az command before executing this script" -Color "Yellow"
 			Write-logFile -Message "[ERROR] An error occurred: $($_.Exception.Message)" -Color "Red"
 			break
 		}
@@ -115,7 +114,6 @@ function Get-ActivityLogs {
 		$subId = $sub.subscriptionId
 		write-logFile -Message "[INFO] Retrieving all Activity Logs for $subId" -Color "Green"	
 
-		#$subId = $sub.Id
 		$date = [datetime]::Now.ToString('yyyyMMddHHmmss') 
 		$filePath = "$OutputDir\$($date)-$subId-ActivityLog.json"
 

Scripts/Get-ConditionalAccessPolicy.ps1

@@ -104,7 +104,7 @@ Function Get-ConditionalAccessPolicies {
     }
 
     catch {
-        Write-logFile -Message "[WARNING] You must call Connect-MgGraph -Scopes Policy.Read.All before running this script" -Color "Red"
+        write-logFile -Message "[INFO] Ensure you are connected to Microsoft Graph by running the Connect-MgGraph -Scopes Policy.Read.All command before executing this script" -Color "Yellow"
         Write-logFile -Message "[ERROR] An error occurred: $($_.Exception.Message)" 
         break
     }

Scripts/Get-Emails.ps1

@@ -138,7 +138,7 @@ Function Get-Email {
             }
         }
         catch {
-            Write-logFile -Message "[WARNING] You must call Connect-MgGraph -Scopes Mail.ReadBasic.All before running this script" -Color "Red"
+            write-logFile -Message "[INFO] Ensure you are connected to Microsoft Graph by running the Connect-MgGraph -Scopes Mail.ReadBasic.All command before executing this script" -Color "Yellow"
             Write-logFile -Message "[WARNING] The 'Mail.ReadBasic.All' is an application-level permission, requiring an application-based connection through the 'Connect-MgGraph' command for its use." -Color "Red"
             return
         }  
@@ -192,7 +192,7 @@ Function Get-Attachment {
         $getMessage = Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/v1.0/users/$userIds/messages?filter=internetMessageId eq '$internetMessageId'" -ErrorAction stop
     }
     catch {
-        Write-logFile -Message "[WARNING] You must call Connect-MgGraph -Scopes Mail.ReadBasic.All before running this script" -Color "Red"
+        write-logFile -Message "[INFO] Ensure you are connected to Microsoft Graph by running the Connect-MgGraph -Scopes Mail.ReadBasic.All command before executing this script" -Color "Yellow"
         Write-logFile -Message "[WARNING] The 'Mail.ReadBasic.All' is an application-level permission, requiring an application-based connection through the 'Connect-MgGraph' command for its use." -Color "Red"
         Write-logFile -Message "[ERROR] An error occurred: $($_.Exception.Message)" -Color "Red"
         break
@@ -259,7 +259,7 @@ Function Show-Email {
         $message = Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/v1.0/users/$userIds/messages?filter=internetMessageId eq '$internetMessageId'" -ErrorAction stop
     }
     catch {
-        Write-logFile -Message "[WARNING] You must call Connect-MgGraph -Scopes Mail.ReadBasic.All before running this script" -Color "Red"
+        write-logFile -Message "[INFO] Ensure you are connected to Microsoft Graph by running the Connect-MgGraph -Scopes Mail.ReadBasic.All command before executing this script" -Color "Yellow"
         Write-logFile -Message "[WARNING] The 'Mail.ReadBasic.All' is an application-level permission, requiring an application-based connection through the 'Connect-MgGraph' command for its use." -Color "Red"
         Write-logFile -Message "[ERROR] An error occurred: $($_.Exception.Message)" -Color "Red"
         break

Scripts/Get-MailItemsAccessed.ps1

@@ -73,7 +73,7 @@ Function Get-Sessions {
             $amountResults = (Search-UnifiedAuditLog -StartDate $StartDate -UserIds $UserIds -EndDate $EndDate -Operations "MailItemsAccessed" -ResultSize 1 | Select-Object -First 1 -ExpandProperty ResultCount)
         }
         catch {
-            write-logFile -Message "[WARNING] You must call Connect-M365 before running this script" -Color "Red"
+            write-logFile -Message "[INFO] Ensure you are connected to M365 by running the Connect-M365 command before executing this script" -Color "Yellow"
             Write-logFile -Message "[ERROR] An error occurred: $($_.Exception.Message)" -Color "Red"
             break
         }
@@ -116,7 +116,7 @@ Function Get-Sessions {
                 $amountResults = (Search-UnifiedAuditLog -StartDate $StartDate -EndDate $EndDate -FreeText $IP -Operations "MailItemsAccessed" -ResultSize 1 | Select-Object -First 1 -ExpandProperty ResultCount)
             }
             catch {
-                write-logFile -Message "[WARNING] You must call Connect-M365 before running this script" -Color "Red"
+                write-logFile -Message "[INFO] Ensure you are connected to M365 by running the Connect-M365 command before executing this script" -Color "Yellow"
                 Write-logFile -Message "[ERROR] An error occurred: $($_.Exception.Message)" -Color "Red"
                 break
             }
@@ -161,7 +161,7 @@ Function Get-Sessions {
                 $amountResults = (Search-UnifiedAuditLog -UserIds $UserIds -FreeText $IP -StartDate $StartDate -EndDate $EndDate -Operations "MailItemsAccessed" -ResultSize 1 | Select-Object -First 1 -ExpandProperty ResultCount)
             }
             catch {
-                write-logFile -Message "[WARNING] You must call Connect-M365 before running this script" -Color "Red"
+                write-logFile -Message "[INFO] Ensure you are connected to M365 by running the Connect-M365 command before executing this script" -Color "Yellow"
                 Write-logFile -Message "[ERROR] An error occurred: $($_.Exception.Message)" -Color "Red"
                 break
             }
@@ -206,7 +206,7 @@ Function Get-Sessions {
                 $amountResults = (Search-UnifiedAuditLog -StartDate $StartDate -EndDate $EndDate -Operations "MailItemsAccessed" -ResultSize 1 | Select-Object -First 1 -ExpandProperty ResultCount)
             }
             catch {
-                write-logFile -Message "[WARNING] You must call Connect-M365 before running this script" -Color "Red"
+                write-logFile -Message "[INFO] Ensure you are connected to M365 by running the Connect-M365 command before executing this script" -Color "Yellow"
                 Write-logFile -Message "[ERROR] An error occurred: $($_.Exception.Message)" -Color "Red"
                 break
             }
@@ -326,7 +326,7 @@ function Get-MessageIDs {
             $amountResults = Search-UnifiedAuditLog -StartDate $StartDate -EndDate $EndDate -Operations "MailItemsAccessed" -ResultSize 1 | Select-Object -First 1 -ExpandProperty ResultCount
         }
         catch {
-            write-logFile -Message "[WARNING] You must call Connect-M365 before running this script" -Color "Red"
+            write-logFile -Message "[INFO] Ensure you are connected to M365 by running the Connect-M365 command before executing this script" -Color "Yellow"
             Write-logFile -Message "[ERROR] An error occurred: $($_.Exception.Message)" -Color "Red"
             break
         }
@@ -406,7 +406,7 @@ function Get-MessageIDs {
             $amountResults = Search-UnifiedAuditLog -StartDate $StartDate -EndDate $EndDate -FreeText $IP -Operations "MailItemsAccessed" -ResultSize 1 | Select-Object -First 1 -ExpandProperty ResultCount
         }
         catch {
-            write-logFile -Message "[WARNING] You must call Connect-M365 before running this script" -Color "Red"
+            write-logFile -Message "[INFO] Ensure you are connected to M365 by running the Connect-M365 command before executing this script" -Color "Yellow"
             Write-logFile -Message "[ERROR] An error occurred: $($_.Exception.Message)" -Color "Red"
             break
         }
@@ -493,7 +493,7 @@ function Get-MessageIDs {
             $amountResults = Search-UnifiedAuditLog -StartDate $StartDate -EndDate $EndDate -FreeText $Sessions -Operations "MailItemsAccessed" -ResultSize 1 | Select-Object -First 1 -ExpandProperty ResultCount
         }
         catch {
-            write-logFile -Message "[WARNING] You must call Connect-M365 before running this script" -Color "Red"
+            write-logFile -Message "[INFO] Ensure you are connected to M365 by running the Connect-M365 command before executing this script" -Color "Yellow"
             Write-logFile -Message "[ERROR] An error occurred: $($_.Exception.Message)" -Color "Red"
             break
         }
@@ -575,7 +575,7 @@ function Get-MessageIDs {
             $amountResults = Search-UnifiedAuditLog -StartDate $StartDate -EndDate $EndDate -FreeText $IP -Operations "MailItemsAccessed" -ResultSize 1 | Select-Object -First 1 -ExpandProperty ResultCount
         }
         catch {
-            write-logFile -Message "[WARNING] You must call Connect-M365 before running this script" -Color "Red"
+            write-logFile -Message "[INFO] Ensure you are connected to M365 by running the Connect-M365 command before executing this script" -Color "Yellow"
             Write-logFile -Message "[ERROR] An error occurred: $($_.Exception.Message)" -Color "Red"
             break
         }
@@ -697,7 +697,7 @@ function DownloadMails($iMessageID,$UserIds){
         }
     }
     catch {
-        Write-logFile -Message "[WARNING] You must call Connect-MgGraph -Scopes Mail.ReadBasic.All before running the -Download flag" -Color "Red"
+        write-logFile -Message "[INFO] Ensure you are connected to Microsoft Graph by running the Connect-MgGraph -Scopes Mail.ReadBasic.All command before executing this script" -Color "Yellow"
         Write-logFile -Message "[WARNING] The 'Mail.ReadBasic.All' is an application-level permission, requiring an application-based connection through the 'Connect-MgGraph' command for its use." -Color "Red"
         Write-Host "[WARNING] Error Message: $($_.Exception.Message)" -Color "Red"
         break

Scripts/Get-MailboxAuditLog.ps1

@@ -56,7 +56,7 @@ function Get-MailboxAuditLog
 		$areYouConnected = Search-MailboxAuditlog -ErrorAction stop
 	}
 	catch {
-		write-logFile -Message "[WARNING] You must call Connect-M365 before running this script" -Color "Red"
+		write-logFile -Message "[INFO] Ensure you are connected to M365 by running the Connect-M365 command before executing this script" -Color "Yellow"
 		Write-logFile -Message "[ERROR] An error occurred: $($_.Exception.Message)" -Color "Red"
 		break
 	}

Scripts/Get-MessageTraceLog.ps1

@@ -89,7 +89,7 @@ function Get-MessageTraceLog
 		$areYouConnected = Get-MessageTrace -ErrorAction stop
 	}
 	catch {
-		write-logFile -Message "[WARNING] You must call Connect-M365 before running this script" -Color "Red"
+		write-logFile -Message "[INFO] Ensure you are connected to M365 by running the Connect-M365 command before executing this script" -Color "Yellow"
 		Write-logFile -Message "[ERROR] An error occurred: $($_.Exception.Message)" -Color "Red"
 		break
 	}

Scripts/Get-OAuthPermissions.ps1

@@ -93,7 +93,7 @@ Lists delegated permissions (OAuth2PermissionGrants) and application permissions
 	try {
         $tenant_details = Get-AzureADTenantDetail -ErrorAction stop
     } catch {
-		write-logFile -Message "[WARNING] You must call Connect-Azure before running this script" -Color "Red"
+		write-logFile -Message "[INFO] Ensure you are connected to Azure by running the Connect-Azure command before executing this script" -Color "Yellow"
 		Write-logFile -Message "[ERROR] An error occurred: $($_.Exception.Message)" -Color "Red"
 		break
 	}

Scripts/Get-RiskyEvents.ps1

@@ -82,7 +82,7 @@ function Get-RiskyUsers {
             $uri = $response.'@odata.nextLink'
         } while ($uri -ne $null)
     } catch {
-        Write-logFile -Message "[WARNING] You must call Connect-MgGraph -Scopes IdentityRiskEvent.Read.All,IdentityRiskyServicePrincipal.Read.All,IdentityRiskyUser.Read.All before running this script" -Color "Red"
+        write-logFile -Message "[INFO] Ensure you are connected to Microsoft Graph by running the Connect-MgGraph -Scopes IdentityRiskEvent.Read.All,IdentityRiskyServicePrincipal.Read.All,IdentityRiskyUser.Read.All command before executing this script" -Color "Yellow"
         Write-LogFile -Message "[ERROR] An error occurred: $($_.Exception.Message)" -Color "Red"
         break
     }
@@ -197,7 +197,7 @@ function Get-RiskyDetections {
             $uri = $response.'@odata.nextLink'
         } while ($uri -ne $null)
     } catch {
-        Write-logFile -Message "[WARNING] You must call Connect-MgGraph -Scopes IdentityRiskEvent.Read.All,IdentityRiskyServicePrincipal.Read.All,IdentityRiskyUser.Read.All before running this script" -Color "Red"
+        write-logFile -Message "[INFO] Ensure you are connected to Microsoft Graph by running the Connect-MgGraph -Scopes IdentityRiskEvent.Read.All,IdentityRiskyServicePrincipal.Read.All,IdentityRiskyUser.Read.All command before executing this script" -Color "Yellow"
         Write-LogFile -Message "[ERROR] An error occurred: $($_.Exception.Message)" -Color "Red"
         break
     }

Scripts/Get-UAL.ps1

@@ -86,7 +86,7 @@ function Get-UALAll
 		$areYouConnected = Get-AdminAuditLogConfig -ErrorAction stop
 	}
 	catch {
-		write-logFile -Message "[WARNING] You must call Connect-M365 before running this script" -Color "Red"
+		write-logFile -Message "[INFO] Ensure you are connected to M365 by running the Connect-M365 command before executing this script" -Color "Yellow"
 		Write-logFile -Message "[ERROR] An error occurred: $($_.Exception.Message)" -Color "Red"
 		break
 	}
@@ -300,7 +300,7 @@ function Get-UALGroup
 		$areYouConnected = Get-AdminAuditLogConfig -ErrorAction stop
 	}
 	catch {
-		write-logFile -Message "[WARNING] You must call Connect-M365 before running this script" -Color "Red"
+		write-logFile -Message "[INFO] Ensure you are connected to M365 by running the Connect-M365 command before executing this script" -Color "Yellow"
 		Write-logFile -Message "[ERROR] An error occurred: $($_.Exception.Message)" -Color "Red"
 		break
 	}
@@ -554,7 +554,7 @@ function Get-UALSpecific
 		$areYouConnected = Get-AdminAuditLogConfig -ErrorAction stop
 	}
 	catch {
-		write-logFile -Message "[WARNING] You must call Connect-M365 before running this script" -Color "Red"
+		write-logFile -Message "[INFO] Ensure you are connected to M365 by running the Connect-M365 command before executing this script" -Color "Yellow"
 		Write-logFile -Message "[ERROR] An error occurred: $($_.Exception.Message)" -Color "Red"
 		break
 	}
@@ -781,7 +781,7 @@ function Get-UALSpecificActivity
 		$areYouConnected = Get-AdminAuditLogConfig -ErrorAction stop
 	}
 	catch {
-		write-logFile -Message "[WARNING] You must call Connect-M365 before running this script" -Color "Red"
+		write-logFile -Message "[INFO] Ensure you are connected to M365 by running the Connect-M365 command before executing this script" -Color "Yellow"
 		Write-logFile -Message "[ERROR] An error occurred: $($_.Exception.Message)" -Color "Red"
 		break
 	}

Scripts/Get-UALGraph.ps1

@@ -153,7 +153,7 @@ Function Get-UALGraph {
         }   
     }
     catch {
-        Write-logFile -Message "[WARNING] You must call Connect-MgGraph -Scopes 'AuditLogsQuery.Read.All' before running this script" -Color "Red"
+        write-logFile -Message "[INFO] Ensure you are connected to Microsoft Graph by running the Connect-MgGraph -Scopes 'AuditLogsQuery.Read.All' command before executing this script" -Color "Yellow"
         Write-logFile -Message "[ERROR] An error occurred: $($_.Exception.Message)" -Color "Red"
         break
     }

Scripts/Get-UALStatistics.ps1

@@ -70,7 +70,7 @@ function Get-UALStatistics
 		$totalCount = Search-UnifiedAuditLog -Userids $UserIds -StartDate $script:StartDate -EndDate $script:EndDate -ResultSize 1 |  Format-List -Property ResultCount| out-string -Stream | select-string ResultCount
 	}
 	catch {
-		write-logFile -Message "[WARNING] You must call Connect-M365 before running this script" -Color "Red"
+		write-logFile -Message "[INFO] Ensure you are connected to M365 by running the Connect-M365 command before executing this script" -Color "Yellow"
 		Write-logFile -Message "[ERROR] An error occurred: $($_.Exception.Message)" -Color "Red"
 		break
 	}